Maturing Risk Management Coursera Quiz Answers

Get All Weeks Maturing Risk Management Coursera Quiz Answers

Week 01: Maturing Risk Management Coursera Quiz Answers

Knowledge Check: Change Management

Q1. What role does the release manager provide? (D1, L8.1)  

  • Tests changes
  • Maintains the configuration management database (CMDB)
  • Audits changes
  • Schedules deployment  

Q2. What role(s) should the security team have in the change management or controls process? Select all that apply.  (D1, L8.1)  

  • Analyze proposed changes for security issues 
  • Review changes for impacts to compliance requirements  
  • Assess proposed changes for impacts to existing security policies or procedures
  • Act in advisory capacity when the configuration control board asks for assistance
  • Perform test case analysis to verify regression testing validates that security is intact
  • Assist users in altering task-specific security procedures based on proposed changes
  • Provide summary analysis of configuration control audits

Applied Scenario 1 Review: Physical Security Site Survey

Q1. You have been asked to join a team to investigate the site and perform a site survey to assess the suitability of the proposed location. What about these features could be a positive? Which could introduce a potential security risk? Directions: For each item, indicate whether these features are a positive or negative for IMI’s proposed new location. (D1, L8.2)

The site is large and reasonably separated from the town. 

  • Positive
  • Negative

Q2. There is a small body of water near the location.  

  • Positive 
  • Negative  

Q3. There is a residential area close by and employee parking is available.   

  • Positive   
  • Negative  

Q4. The road runs very close to the front of the site.

  • Positive
  • Negative   

Q5. There are many trees and shrubs around the site. 

  • Positive  
  • Negative 

Knowledge Check: Physical Security Considerations

Q.1 What is the primary goal of physical security? (D1, L8.2)

  • To delay
  • To deter
  • To protect
  • To respond

Q.2 Which of the following are common electrical problems? (D1, L8.2)

  • Blackout
  • Spike
  • Surge
  • All of these

Week 02: Maturing Risk Management Coursera Quiz Answers

Knowledge Check: The Human Element

Directions: Answer the true/false question regarding the data and the human element. Based on the information presented, the human element is the greatest security risk to an organization. (D1, L8.3)  

  • True
  • False

Activity 1: Design an Awareness Strategy

One of the reasons the human element presents such a large security risk is a lack of training. Training comes in several categories, but here we will consider perhaps the most encompassing — security awareness.  

Scenario: You are working as a security professional at a mid-level company. Employees are predominantly remote and there are several regional offices/branches. The corporate culture is team-oriented and stable. Employees are goal driven and eager to support the mission and vision of the organization, but change is adopted slowly and often seen as additional work to staff rather than a benefit.  

Q.1 Directions: For this activity, read the scenario presented and work in your group to design an effective security awareness training program. (D1, L8.3)  
How frequently should security awareness training be provided?  

  • Daily 
  • Weekly  
  • Monthly 
  • Yearly   

Q.2 You want to provide messaging around the impact of a ransomware attack. Which would be the most impactful?

  • Make a compliance-driven message that stresses the possible penalties.  
  • Make the message relevant to the individual on a personal level and stress how this would impact the organization. 
  • Make the message general enough that it would never need to be updated.  
  • All of these.

Q.3 Which of the following would be a way to assess the effectiveness of the security awareness training?

  • Gamification   
  • Mini quizzes 
  • Surveys/Spot checks
  • All of these

Q.4 Which of these is not a social engineering attack? (D1, L8.3)

  • Baiting
  • Tailgating
  • Sharking
  • Whaling  

Q.5 Which of the following best describes microtraining? (D1, L8.3)

  • One-on-one, hands-on, skills- and proficiency-focused
  • Group activities geared toward gaining greater awareness of fine details of security practices
  • Very short-duration, task-focused tactics, which challenge users to recognize and correctly deal with suspicious events, providing immediate feedback to users
  • Pejorative term referring to how most training programs somewhat fail to modify users’ security behavior

Knowledge Check: Conducting Vulnerability Assessments

Q.1 Directions: Check for understanding by answering the following true/false questions regarding vulnerability assessments. (D3, L8.4) True or False? Vulnerability assessments are considered an active task.

  • True
  • False

Q.2 True or False? A key part of the vulnerability assessment is the gathering of data needed to perform the assessment.   

  • True
  • False

Q.3 True or False? The results of the vulnerability assessment are documented in a report submitted to management for action. 

  • True
  • False

Knowledge Check: Host Security 

Q.1 What problem may arise when using vulnerability analysis tools? (D3, L8.4)  

  • Scan data can be exported in a variety of formats.
  • An incorrectly designed test may not yield any results.
  • Scans include known vulnerabilities for software but not applications.
  • There are no problems with using vulnerability analysis tools.  

Q.2 Which of the following is a benefit of vulnerability testing? (D3, L8.4) 

  • It identifies system vulnerabilities.
  • It allows for the prioritization of mitigation tasks based on system criticality and risk. 
  • It is considered a useful tool for comparing security posture over time, especially when done consistently each period. 
  • All of these.

Q.3 What are the two broad categories of vulnerability testing software? (D3, L8.4) 

  • General and application-specific
  • Application-specific and software-specific 
  • General and non-general  
  • None of these 

Knowledge Check: Perform Security Assessment Activities

Q.1 Which type of penetration test is carried out to mimic the actions of a user?  (D3, L8.4)    

  • External   
  • Zero knowledge
  • Gray box
  • Internal 

Q.2 Which of the following is not a potential problem associated with testing?  (D3, L8.4)  

  • Conflict of interest
  • System crash
  • Information disclosure
  • Temporal information

Week 03: Maturing Risk Management Coursera Quiz Answers

Chapter 8 Quiz: Maturing Risk Management

This quiz will help you to confirm your understanding and retention of concepts for this chapter. Please complete it by answering all questions, reviewing correct answers and feedback, and revisiting any chapter material you feel you need extra time with.

Instructions

  1. This Assessment contains 10 objective item questions.
  2. Recommended time limit is 20 minutes, 2 minutes per question.
  3. Choose the best answer(s) for each question.
  4. You have unlimited attempts and may complete this assessment as many times as you would like.
  5. Passing grade for this quiz is 70%.
  6. Score of highest attempt will be calculated.

Your score and quiz report

  1. Each question carries 1 point.
  2. For each question, a 1/1 point indicates correct answer and 0/1 point indicates incorrect answer which you see upon quiz submission.
  3. Upon completion, you will be able to see your total number of attempts along with the score for each attempt.
  4. Your overall grade reflects the score of your highest attempt.
  5. Click on each attempt to view the completed quiz.

Q.1 Which data backup strategy allows data backup to an off-site location via a WAN or internet connection? (D4, L8.4)

  • Remote journaling
  • Electronic vaulting
  • Clustering

Q.2 Which of the following statements is most correct about incident response? (D4, L8.5)

  • The goal is to prevent incidents from happening again.
  • Incident response does not involve problem management.
  • Incident response does not require a policy.
  • The goal is to minimize damage and learn to be better prepared.

Q.3 What is the recovery point objective (RPO)? (D4, L8.5)

  • The maximum outage time
  • The maximum outage time for critical services
  • The maximum amount of data loss
  • The minimum amount of data loss

Q.4 Which of the following statements is true? (D4, L8.5)

  • BCP and DR are the same
  • BCP is a part of DR
  • DR is a part of BCP
  • BCP and DR are mutually exclusive

Q.5 Which of the following is true? (D4, L8.5)

  • MTD is the same as MTPD
  • RPO is less than the MTD
  • RPO deals with data
  • All of these

Q.6 What is the last step in the change control process? (D1, L8.1)

  • Implementation
  • Authorization
  • Notification

Q.7 A security audit is best defined as what?  (D3, L8.4)

  • A covert series of tests designed to test network authentication, hosts and perimeter security
  • A technical assessment that measures how well an organization uses security policies and controls to protect its information assets
  • Employing an intrusion detection system (IDS) to monitor anomalous traffic on a network segment and logging attempted break-ins
  • Hardening systems before deploying them on the corporate network

Q.8 What is the primary purpose of testing an intrusion detection system?  (D3, L8.4)

  • To observe that the IDS is observing and logging an appropriate response to a suspicious activity
  • To determine if the IDS is capable of discarding suspect packets
  • To analyze processor utilization to verify whether hardware upgrades are necessary
  • To test whether the IDS can log every possible event on the network

Q.9 Which of the following documents the steps that should be performed to restore IT functions after a business disruption event?  (D4, L8.5)

  • Critical business functions
  • Business continuity plan (BCP)
  • Disaster recovery plan (DRP)
  • Crisis communications plan

Q.10 In general, personnel safety assurance includes all of the following except which one? (D1, L8.2)

  • Evacuation planning and facilities use planning
  • Configuration management planning
  • Alarms, notifications and processes for their use
  • Education, training and awareness programs